CN115001904A - High-availability NAT gateway design method - Google Patents
High-availability NAT gateway design method
- Publication number: CN115001904A
- Application number: CN202210596790.9A
- Authority: CN (China)
- Prior art keywords: nat, leader, availability, processor, service
- Legal status: Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/66—Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0654—Management of faults, events, alarms or notifications using network fault recovery
- H04L41/0668—Management of faults, events, alarms or notifications using network fault recovery by dynamic selection of recovery network elements, e.g. replacement by the most appropriate element after failure
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0876—Aspects of the degree of configuration automation
- H04L41/0886—Fully automatic configuration
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Automation & Control Theory (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides a high-availability NAT gateway design method comprising the following steps: S1, create a NAT cluster and select a leader through an election module; S2, issue the configuration to the leader server; S3, the agent periodically pushes the configuration to the standby services; S4, perform periodic monitoring to judge the state of the virtual machine; if the state is normal, continue monitoring, otherwise execute step S5; S5, trigger the election mechanism and switch over the functions; S6, provide service externally through the new leader, then perform step S2. The beneficial effects of the invention are: the method increases the availability of the gateway function, ensures continuous service, allows the number of gateway services to be expanded dynamically, synchronizes configuration automatically, does not need to reissue the configuration after a virtual machine goes down, and provides service quickly.
Description
Technical Field
The invention belongs to the technical field of private cloud, and particularly relates to a design method of a high-availability NAT gateway.
Background
A VPC (Virtual Private Cloud) is a custom, private, isolated network environment that a user requests from a cloud service provider. The user's cloud services are all built on the VPC and are processed inside it. If a user wants to interact with an external network, one way to do so is through a NAT gateway: the user accesses the Internet through the NAT gateway function and thereby provides services. In the current scheme the NAT gateway function is implemented on a hardware firewall, whose specifications are a bottleneck; an open-source software implementation removes the dependence on hardware equipment and so improves the flexibility of the network architecture. However, the open-source NAT has a defect: it cannot achieve high availability and exists only as a standalone edition. If the virtual machine running the NAT goes down, the services in the current VPC cannot access the external network, which affects the user's services.
Disclosure of Invention
In view of the above, the present invention is directed to a method for designing a highly-available NAT gateway, so as to solve at least one of the problems in the background art.
In order to achieve the purpose, the technical scheme of the invention is realized as follows:
In a first aspect, the present disclosure discloses a method for designing a high-availability NAT gateway, including the following steps:
S1, create a NAT cluster and select a leader through an election module;
S2, issue the configuration to the leader server, wherein the leader server stores all IP addresses of the cluster;
S3, each gateway service has an agent; the control plane issues the configuration to the leader server, and the leader's agent periodically pushes the configuration to the other servers of the cluster;
S4, perform periodic monitoring to judge the state of the virtual machine; if the state is normal, continue monitoring, otherwise execute step S5;
S5, when the leader is abnormal and goes down, the control plane triggers the election mechanism and randomly pings other servers in the cluster; if the ping succeeds, that server is elected leader, the functions of the previous leader are switched over to the new leader server, and the configuration of the old leader is cleared;
S6, service is provided externally through the new leader, and then step S2 is performed.
Further, in step S1, a NAT product is created, and a cluster of NAT services is created, where the NAT services run on different servers.
Further, in step S1, a leader is selected by the election module, and the role of each NAT service is divided.
Further, in step S2, the NAT configuration is issued on the leader service, and the configuration is pushed to other standby services.
Further, in step S4, the monitoring module of the control plane continuously monitors the state of the virtual machine, including the connectivity of the link, and if the state in the cycle is normal, the monitoring of the next cycle is performed.
Further, in step S4, if the leader virtual machine is found to be abnormal, an election is performed immediately and the service is switched to the new leader; since the configurations are all synchronized, there is no need to reissue them.
In a second aspect, the present disclosure discloses an electronic device, which includes a processor and a memory, wherein the memory is communicatively connected to the processor and is configured to store executable instructions of the processor, and the processor is configured to execute the method for designing a high-availability NAT gateway according to the first aspect.
In a third aspect, the present disclosure provides a server, including at least one processor, and a memory communicatively connected to the processor, where the memory stores instructions executable by the at least one processor, and the instructions are executed by the processor to cause the at least one processor to execute the method for designing a high-availability NAT gateway according to the first aspect.
In a fourth aspect, the present disclosure discloses a computer-readable storage medium, which stores a computer program, and when the computer program is executed by a processor, the method for designing a high-availability NAT gateway according to the first aspect is implemented.
Compared with the prior art, the method for designing the high-availability NAT gateway has the following beneficial effects:
The high-availability NAT gateway design method increases the availability of the gateway function, ensures continuous service, allows the number of gateway services to be expanded dynamically, synchronizes configuration automatically, does not need to reissue the configuration after a virtual machine goes down, and provides service quickly.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate an embodiment of the invention and, together with the description, serve to explain the invention and not to limit the invention. In the drawings:
fig. 1 is a schematic diagram of a design scheme of a high-availability NAT gateway according to an embodiment of the present invention;
fig. 2 is a schematic diagram of an implementation procedure according to an embodiment of the present invention.
Detailed Description
It should be noted that the embodiments and features of the embodiments may be combined with each other without conflict.
The present invention will be described in detail below with reference to the embodiments with reference to the attached drawings.
A VPC (Virtual Private Cloud) is a custom, private, isolated network environment that a user requests from a cloud service provider. The user's cloud services are all built on the VPC and are processed inside it. If a user wants to interact with an external network, one way to do so is through a NAT gateway: the user accesses the Internet through the NAT gateway function and thereby provides services. In the current scheme the NAT gateway function is implemented on a hardware firewall, whose specifications are a bottleneck; an open-source software implementation removes the dependence on hardware equipment and so increases the flexibility of the network architecture. However, the open-source NAT has a defect: it cannot achieve high availability and exists only as a standalone edition. If the virtual machine running the NAT goes down, the services in the current VPC cannot access the external network, which affects the user's services.
To solve the problem that a single NAT going down affects services, an active-standby scheme is provided. Namely, n (n ≥ 2) virtual machines are created; they run on different servers and all run the NAT function. Only one of the n virtual machines provides external service and the rest act as backups. The control plane performs leader election. The virtual machines synchronize configuration automatically through pre-installed agents. The control plane issues the configuration to the leader virtual machine and informs it of the IP addresses of the slave virtual machines. The leader continuously notifies the slave virtual machines to synchronize the configuration, which keeps the configuration consistent across the n virtual machines. The control plane continuously monitors the state of the underlying virtual machines; if a virtual machine is down or abnormal, the leader is re-elected, the faulty virtual machine is removed, and the new leader virtual machine starts to provide service. After the virtual machine is repaired, it is added back to the cluster as a slave virtual machine. High availability of the NAT function is thereby achieved.
There are two core points. First, how to perform the election: a fast-positioning approach is used here, i.e. the first server that answers the ping is taken as the leader. Second, how to monitor the state of the virtual machine: the control plane has a monitoring module that obtains the state of the virtual machine by continuously querying a preset service inside it, and a re-election is performed when an abnormal condition occurs.
The flow chart is shown in fig. 2, and the steps are as follows:
1. Create a NAT product and create a cluster of NAT services running on different servers.
2. Select a leader through the election module and assign a role to each NAT service.
3. Issue the NAT configuration on the leader service and push the configuration to the other standby services.
4. The monitoring module of the control plane continuously monitors the state of the virtual machine, including the connectivity of the link. If the state within the cycle is normal, the next cycle is monitored.
5. If the leader virtual machine is abnormal, an election is performed immediately and the service is switched to a new leader; because the configurations are synchronized, they do not need to be reissued.
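The control-plane loop of steps S1 to S6 can be sketched as follows. This is an added example, not code from the patent; the names `NatNode`, `ControlPlane` and `probe` are hypothetical, and the ping or preset-service check is simulated by an in-memory health flag so the example runs offline.

```python
import random
from dataclasses import dataclass, field


@dataclass
class NatNode:
    ip: str
    alive: bool = True            # simulated VM/link health (assumption)
    role: str = "standby"         # "leader", "standby" or "removed"
    config: dict = field(default_factory=dict)
    peers: list = field(default_factory=list)   # leader only: cluster IPs (S2)


class ControlPlane:
    def __init__(self, nodes, probe=None, rng=None):
        self.nodes = {n.ip: n for n in nodes}
        # probe stands in for the ping / preset-service check of S4 and S5
        self.probe = probe or (lambda node: node.alive)
        self.rng = rng or random.Random()
        self.leader = None
        self.desired = {}

    def elect(self, exclude=()):
        """S1/S5: probe members in random order; the first to answer leads."""
        order = [ip for ip, n in self.nodes.items()
                 if ip not in exclude and n.role != "removed"]
        self.rng.shuffle(order)
        for ip in order:
            if self.probe(self.nodes[ip]):
                self.nodes[ip].role = "leader"
                self.leader = ip
                return ip
        raise RuntimeError("no reachable NAT node to elect")

    def issue_config(self, config):
        """S2: send the config and the cluster IP list to the leader only."""
        self.desired = dict(config)
        leader = self.nodes[self.leader]
        leader.config = dict(config)
        leader.peers = [ip for ip, n in self.nodes.items()
                        if ip != self.leader and n.role == "standby"]

    def sync(self):
        """S3: the leader's agent pushes its config to reachable standbys."""
        leader = self.nodes[self.leader]
        pushed = []
        for ip in leader.peers:
            if self.probe(self.nodes[ip]):
                self.nodes[ip].config = dict(leader.config)
                pushed.append(ip)
        return pushed

    def monitor_once(self):
        """S4-S6: one monitoring cycle; returns True if a failover happened."""
        old = self.nodes[self.leader]
        if self.probe(old):
            return False
        old.role, old.config, old.peers = "removed", {}, []  # S5: clear old leader
        self.elect(exclude=(old.ip,))
        self.issue_config(self.desired)                       # S6 -> S2
        self.sync()                                           # S3
        return True

    def rejoin(self, ip):
        """A repaired VM is added back to the cluster as a standby."""
        node = self.nodes[ip]
        node.alive, node.role = True, "standby"
        self.issue_config(self.desired)   # refresh the leader's peer list
        self.sync()


if __name__ == "__main__":
    # Constructed sample cluster; addresses are RFC 5737 documentation ranges.
    cp = ControlPlane([NatNode(f"192.0.2.{i}") for i in (11, 12, 13)])
    first = cp.elect()
    cp.issue_config({"snat": "10.0.0.0/24 -> 203.0.113.5"})
    cp.sync()
    cp.nodes[first].alive = False
    print("failover:", cp.monitor_once(), "new leader:", cp.leader)
```

Because `probe` is injected, the bare reachability check can be replaced by a query of the preset service inside the virtual machine, which is the monitoring signal the description names.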
Those of ordinary skill in the art will appreciate that the elements and method steps of the examples described in connection with the embodiments disclosed herein may be embodied in electronic hardware, computer software, or combinations of both, and that the components and steps of the examples have been described in a functional general in the foregoing description for the purpose of clearly illustrating the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the several embodiments provided in the present application, it should be understood that the disclosed method and system may be implemented in other ways. For example, the division of the above-mentioned units is only a logical function division, and other division manners may be available in actual implementation, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not executed. The units may or may not be physically separate, and components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment of the present invention.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; such modifications and substitutions do not depart from the spirit and scope of the present invention, and they should be construed as being included in the following claims and description.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and should not be taken as limiting the scope of the present invention, which is intended to cover any modifications, equivalents, improvements, etc. within the spirit and scope of the present invention.
Claims (9)
1. A method for designing a high-availability NAT gateway is characterized by comprising the following steps:
S1, create a NAT cluster and select a leader through an election module;
S2, issue the configuration to the leader server, wherein the leader server stores all IP addresses of the cluster;
S3, each gateway service has an agent; the control plane issues the configuration to the leader server, and the leader's agent periodically pushes the configuration to the other servers of the cluster;
S4, perform periodic monitoring to judge the state of the virtual machine; if the state is normal, continue monitoring, otherwise execute step S5;
S5, when the leader is abnormal and goes down, the control plane triggers the election mechanism and randomly pings other servers in the cluster; if the ping succeeds, that server is elected leader, the functions of the previous leader are switched over to the new leader server, and the configuration of the old leader is cleared;
S6, service is provided externally through the new leader, and then step S2 is performed.
2. The method for designing the high-availability NAT gateway according to claim 1, wherein: in step S1, a NAT product is created and a cluster of NAT services is created, where the NAT services run on different servers.
3. The method for designing the high-availability NAT gateway according to claim 1, wherein: in step S1, a leader is selected by the election module, and role division is performed for each NAT service.
4. The method for designing the high availability NAT gateway according to claim 1, characterized in that: in step S2, the NAT configuration is issued on the leader service, and the configuration is pushed to another standby service.
5. The method for designing the high availability NAT gateway according to claim 1, characterized in that: in step S4, the monitoring module of the control plane continuously monitors the state of the virtual machine, including the connectivity of the link, and if the state in the cycle is normal, the monitoring of the next cycle is performed.
6. The method for designing the high availability NAT gateway according to claim 1, characterized in that: in step S4, if the leader virtual machine is found to be abnormal, an election operation is immediately performed to switch the service to the new leader to provide service, and since the configurations are all synchronous, there is no need to reissue the configurations.
7. An electronic device comprising a processor and a memory communicatively coupled to the processor and configured to store processor-executable instructions, wherein: the processor is configured to perform a method of designing a high availability NAT gateway as set forth in any one of claims 1-6.
8. A server, characterized by: comprising at least one processor, and a memory communicatively coupled to the processor, the memory storing instructions executable by the at least one processor to cause the at least one processor to perform a method of designing a high availability NAT gateway as recited in any of claims 1-6.
9. A computer-readable storage medium storing a computer program, characterized in that: the computer program when executed by a processor implements a method of high availability NAT gateway design according to any of claims 1 to 6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210596790.9A CN115001904A (en) | 2022-05-30 | 2022-05-30 | High-availability NAT gateway design method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210596790.9A CN115001904A (en) | 2022-05-30 | 2022-05-30 | High-availability NAT gateway design method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115001904A (en) | 2022-09-02 |
Family
ID=83029820
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210596790.9A Pending CN115001904A (en) | 2022-05-30 | 2022-05-30 | High-availability NAT gateway design method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115001904A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116055299A (en) * | 2023-01-18 | 2023-05-02 | 紫光云技术有限公司 | Method for optimizing cut-off after soft gateway fault recovery |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107357800A (en) * | 2017-05-18 | 2017-11-17 | 杭州沃趣科技股份有限公司 | A kind of database High Availabitity zero loses solution method |
CN107465765A (en) * | 2017-09-21 | 2017-12-12 | 深圳市视维科技股份有限公司 | A kind of intelligent use gateway realization method based on container cloud |
CN109617731A (en) * | 2018-12-21 | 2019-04-12 | 青岛海信智慧家居系统股份有限公司 | Adaptive gateway role configuration method and device under a kind of multi-gateway environment |
CN109783264A (en) * | 2018-12-29 | 2019-05-21 | 南京富士通南大软件技术有限公司 | A kind of High Availabitity solution of database |
WO2021217872A1 (en) * | 2020-04-29 | 2021-11-04 | 平安科技(深圳)有限公司 | Method and apparatus for configuring gateway node on the basis of virtual private cloud, and medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20220902 |